Public Option: How Medical Records and Patient-Doctor Recordings Were Exposed

The UpGuard Cyber Risk team has reported medical data, along with the personally identifiable information (PII) of almost 3,000 people, held by Medcall Healthcare Advisors in an insecure Amazon S3 storage bucket. The exposed data included injury intake forms from 181 business locations across the US, along with audio recordings of phone call between patients, Medcall operators and Doctors. The publicly writable storage bucket also included a directory of CSV files, including full social security numbers of around 3,000 Medcall-enrolled individuals.